This is a belated stub post about SQLi vulnerabilities I found in XIPBlog (a PrestaShop module developed by Xpert-Idea) back in 2021.
The technical details are available on the advisory here.
| Date | Event |
|---|---|
| 22/06/2021 | Issue discovered during a pentest |
| 26/06/2021 | Submitted pull request on their GitHub repo |
| 09/02/2022 | Pull request accepted |
| 02/12/2022 | 202-ecommerce finds the same vulnerability independently |
| 15/02/2023 | 202-ecommerce contacts me, offering to handle applying for a CVE for this bug as I hadn't done so |
| 15/02/2023 | CVE-2022-31101 assigned |
| 23/03/2023 | Vulnerability disclosed in Friends of Presta advisory |
| 03/08/2023 | Blog post released |